Central Manager running on a VM keeps losing connectivity to the Security Analytics sensors

book

Article ID: 169019

calendar_today

Updated On:

Products

Security Analytics

Issue/Introduction

A CMC on a VM may lose network connectivity about once per day.  Rebooting brings the connection back up but rebooting everyday may not be acceptable. It was reported that TCP segmentation could be done by the CPU to resolve the problem.  Typically the NIC does the segmentation for performance reasons.

In computer networking, large segment offload (LSO) is a technique for increasing outbound throughput of high-bandwidth network connections by reducing CPU overhead. It works by queuing up large buffers and letting the network interface card (NIC) split them into separate packets. The technique is also called TCP segmentation offload (TSO) when applied to TCP,

Resolution

The solution is to disable TCP Segmentation Offload with:

/usr/sbin/ethtool -K eth0 tso off 

To check the setting, run ethtool -k | grep segmentation